[gptalk] Re: Unable to RDP to DC's

  • From: "Omar Droubi" <omar@xxxxxxxxxxxxxxxxxxxxx>
  • To: <gptalk@xxxxxxxxxxxxx>
  • Date: Thu, 18 Oct 2007 12:23:15 -0700



I would hurry up and review the security event logs on each of your DCs
to find out what really happened and maybe who did it.


Search in the security log for:


Event Type:        Success Audit

Event Source:    Security

Event Category:                Account Management


I was thinking that maybe someone configured a restricted group- GPO
also- I would also check there.





From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]
On Behalf Of Jason Williams
Sent: Thursday, October 18, 2007 11:37 AM
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Unable to RDP to DC's


Oh man...going to strangle someone. I figured out what the problem is
and still looking to correct it.

Somebody here decided to remove the "domain admins" group from the
builtin\administrators group


Now that i've added it back, I need to let it propagate through my


Im going to go outside and scream now.


Appreciate the help.




On 10/18/07, Darren Mar-Elia <darren@xxxxxxxxxx> wrote: 

It really sounds like you are getting some policies on your DCs that was
not intendd for them-- probably linked at the domain.  Something must
have changed--I would try just installing GPMC on a workstation and see
if you can remotely run RSOP. As a last resort you could temporarily set
block inheritance on the DCs OU to see if that frees things up. 


-----Original Message-----
From: "Jason Williams" <jasonwilliams74@xxxxxxxxx>
To: gptalk@xxxxxxxxxxxxx 
Sent: 10/18/2007 9:31 AM
Subject: [gptalk] Re: Unable to RDP to DC's

Hi Darren,

I have some very odd things that are happening that are making me
nervous. I
am not sure why some of things are occuring, but on edge now. 

For instance, I was able to fix connecting to my DC's via RDP. BUT, I
cannot logon at the console.
Also, i tried to install the GPMC on one of my DC's that did not have it
I get denied. Message is "The system administrator has set policies to 
prevent this installation."
I have tried to open up the "Group Policy Object Editor" on one of my
and I get access denied, which makes no sense because I am using a
admin account. 

Im a little flustered right now and very nervous.
Any suggestions?



On 10/18/07, Darren Mar-Elia <darren@xxxxxxxxxx> wrote:
>  Jason-
> What does GPResults tell you that the effective policy is on a DC? Are
> sure no changes were made to the GPO linked to the DCs OU? GPMC will
> you the Last Modified date on a GPO. 
> Darren
> *From:* gptalk-bounce@xxxxxxxxxxxxx
[mailto:gptalk-bounce@xxxxxxxxxxxxx ] *On
> Behalf Of *Jason Williams
> *Sent:* Thursday, October 18, 2007 8:52 AM
> *To:* gptalk@xxxxxxxxxxxxx
> *Subject:* [gptalk] Unable to RDP to DC's 
> Hello everyone.
> Have a great thing happening this morning that I am still trying to
> down the cause of.
> I came in this morning and a collegue told me he is unable to RDP to
> of our DC's in our company. I confirmed this and receive the following
> message when trying to do so:
> Funny thing is, this was working recently so I need to find out what
> changed. 

[truncated by sender]
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR
by logging into the freelists.org Web interface. Archives for the list
are available at http://www.freelists.org/archives/gptalk/


Other related posts: